Mining, metal industry needs to see cyber security as shared responsibility: Report

Increasing connectivity of technology across the mining and metals industry is making it more difficult than ever for companies to keep pace and secure their digital environment, according to a report.

According to EY report, 55 per cent of energy and resources companies have experienced a significant cyber security incident in the last year, yet 48 per cent of respondents believe it is unlikely that they would be able to detect a sophisticated cyber-attack.

As mining and metals companies continue to move into the digital age, cyber security needs to be viewed as a key business priority in order to manage risk, particularly in light of the growing threats that exist in today's digital landscape," Burgess Cooper, Partner Cyber Security, EY said.

It is critical for businesses to ensure that the responsibility of limiting the exposure to cyber risks is not one that can be delegated to one or two individuals, Cooper said.

"Cyber security is a shared responsibility therefore, to ensure a robust security framework, organizations need to involve all areas of the business, including media relations, investor and government relations, legal, operations, business, executive risk and any material third parties," Cooper added.

For asset-intensive industries such as mining and metals, the threat is escalating particularly rapidly due to increasing investment in digital, reliance on automation and heightened connectivity between information technology and less mature operational technology. As a result, the report highlights that the entire supply chain is now at risk.

"The Indian mining and metals industry is at the cusp of a transformational change, and digital technologies are at the forefront of driving this change. Operations hitherto considered remote' are being connected through integration of OT (Operational Technology ) and IT systems," Anjani K Agrawal, Partner and National Leader Metals and Mining, EY said.

Being asset intensive, the need for productivity is driving internal digital investments, while increasingly global supply chains also expand the attack surface and pathways, Agrawal said.

"A cyber event can impact its sensitive commercial / commodity trading data, and also its social licence to operate, safety, and environment obligations. The metals and mining companies thus need to embed cyber risk management into their agenda to better react and protect," Agrawal added.